Is there a user-role specific way to accomplish this same level of blocking?
What I am trying to accomplish is this:
I have an Open Guest network that returns the role guest.
I would like to put another set of devices that cannot use 802.1x on the guest network, but the devices need to be able to communicate with each other.
Right now I have deny inter user traffic enabled on the VAP. My thought is I need to remove that option, and move it to the guest user role.
The only solution I've come up with is an ACL, which is not ideal since I can't do an ACL that says user user any deny, since it wants source/destination to be different. So I would need to create ACLs specific to sites.